If a URL points to a hostname with both AAAA and A records in DNS, Squid tries the AAAA record first (which is the sensible behavior). However, if it cannot establish a connection over IPv6, it doesn't fall back to IPv4 as it should. This causes problems for systems with broken IPv6 connectivity (e.g. "ftp.plig.net").
Here is the error message I get:
    The following error was encountered while trying to retrieve the URL: http://ftp.plig.net/
    Connection to 2001:6f8:601:1:45::1 failed.
    The system returned: (60) Connection timed out
    The remote host or network may be down. Please try the request again.
    Your cache administrator is webmaster@zhadum.org.uk.
Seems to be worst on a machine with IPv6 abilities but no IPv6 connection. The error page only shows when the aggregate of the forwarding tries' timeouts is larger than the request timeout.
*** Bug 2783 has been marked as a duplicate of this bug. ***
*** Bug 2834 has been marked as a duplicate of this bug. ***
Is a fix in progress?? It's a very annoying and visible bug for users. Here on Fedora:
    [0:10:root@pegasus ~]# uname -a
    Linux pegasus.houtsma.net 2.6.32.9-70.fc12.x86_64 #1 SMP Wed Mar 3 04:40:41 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
    [0:14:root@pegasus ~]# rpm -q squid
    squid-3.1.0.17-3.fc12.x86_64
It is almost 100% reproducible. The first time you load google or youtube, you get the message:
    (101) Network is unreachable
When you click Reload, the page loads fine and you can work as long as you don't idle. When you idle 30 seconds or so, you will get the same error message again. Reload resolves the issue always. Debug showed that squid tries to resolve www.google.com, it receives a lot of ipv6 AAAA records.... Looks like squid is not getting to the ipv4 A records and times out with the above message! The squid server (fedora) has ipv6 capabilities but there are no ipv6 tunnels set up or any ipv6 connectivity. I hope this can be fixed soon or that there is some workaround. Users complain!
We are looking into the issue. No guess yet when a fix might be available. For now I'd suggest a good workaround is to set up IPv6 :) All you need is to configure the firewall for IPv6 and install the miredo client. This will let your Squid do IPv6-outbound connections safely without opening you to inbound. As an aside: In order to get the IPv6 IPs from google you or your ISP had to sign a contractual agreement with Google that IPv6 connections are available to and working for all IPv6-capable client hosts within the network.
(In reply to comment #6)
> As an aside: In order to get the IPv6 IPs from google you or your ISP had to
> sign a contractual agreement with Google that IPv6 connections are available to
> and working for all IPv6-capable client hosts within the network.
Yes, I am sure they have because this ISP (Xs4all) in the Netherlands offers full ipv6 connectivity. You can setup ipv6 tunnels that terminate at the ISP i.s.o. to ipv6 providers further away on the internet. I will think about setting up a tunnel as well. Thanks, Jan
*** Bug 2640 has been marked as a duplicate of this bug. ***
Henrik has done a lot of cleanup on the comm failure handling. I believe this bug is now resolved in the latest 3.1.3 snapshots. There are still issues with tcp_outgoing_address and v4/v6 selection. But the documented workaround hacks also work better now than before.
Yes, I can confirm this solution works. Thanks, Jan
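The fallback behaviour this report asks for, as an added example that is not Squid's code and not part of the original thread: every resolved address is tried, AAAA first and then A, and each attempt gets only a share of the request timeout so an unreachable IPv6 address cannot consume all of it. The function names, the even budget split, and the injectable `connector` and `clock` parameters are assumptions made for illustration.

```python
import socket
import time

def resolve(host, port):
    """Return (family, sockaddr) pairs for every AAAA and A record of host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [(fam, addr) for fam, _type, _proto, _canon, addr in infos]

def order_candidates(candidates):
    """IPv6 first (as Squid does), then IPv4, keeping resolver order per family."""
    v6 = [c for c in candidates if c[0] == socket.AF_INET6]
    v4 = [c for c in candidates if c[0] == socket.AF_INET]
    return v6 + v4

def tcp_connect(family, sockaddr, timeout):
    """Default connector: one TCP attempt bounded by timeout seconds."""
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError:
        sock.close()
        raise
    return sock

def connect_with_fallback(candidates, request_timeout,
                          connector=tcp_connect, clock=time.monotonic):
    """Try every address; return (connection, failures) or raise ConnectionError."""
    ordered = order_candidates(candidates)
    deadline = clock() + request_timeout
    failures = []
    for i, (family, sockaddr) in enumerate(ordered):
        remaining = deadline - clock()
        if remaining <= 0:
            break
        # Assumed policy: share the remaining budget across untried addresses,
        # so a dead IPv6 path cannot use up the whole request timeout.
        per_try = remaining / (len(ordered) - i)
        try:
            return connector(family, sockaddr, per_try), failures
        except OSError as err:
            # Record the failure and move on to the next address.
            failures.append((sockaddr[0], err.strerror or str(err)))
    raise ConnectionError(f"all addresses failed: {failures}")
```

The `failures` list returned alongside the connection gives an operator the per-address errors that were skipped over, which is what distinguishes a working fallback from a silently broken IPv6 path.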